NetEqualizer DDoS Firewall: Simple and Effective without the Bloat

One of the challenges when creating a security tool is validating that it works when the S$%^ hits the fan. We have heard (via anonymous sources) that many of the high-dollar solutions out there create bloated, rotting piles of information, whose only purpose is to look impressive due to their voluminous output. A typical $100K buys you a CYA report: a tool that covers everything, leaving the customer to decide what to do, which is usually nothing or some misguided “make work”. These non-specific tools are about as useful as a weather forecast that predicts everything all the time: rain, snow, wind, hot, cold, for every day of the year. If you predict everything, you can’t be wrong?

On the other hand, the reports from the field coming in for our DDoS tool are:

Yes, it works.

Yes, it is simple to use.

Yes, it takes action when appropriate.

We have confirmation that our DDoS tool, combined with our shaping algorithms, has kept some very large institutions up and running while under very heavy, sophisticated DDoS attacks. The reasons are simple. We look at the pattern of incoming packets in a normal situation. When the pattern reaches a watermark that is clearly beyond normal, we block those incoming circuits. If needed, we can also take a softer approach, so the attacker is not aware we are throttling them. This is needed because in some situations outright blocking will alert the attacker that you are on to them and cause the attacker to double down.
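The watermark approach described above, as an added illustration that is not NetEqualizer’s own code: a per-source baseline is learned from a normal period, and each later second is classified as allow, throttle (the softer action) or block. The sample counts, the baseline length, the multiplier and the hard-block factor are all constructed assumptions.

```python
"""Added example (not NetEqualizer's code): watermark check over inbound
packet-rate series. Baseline window, multiplier, floor and hard-block
factor are illustrative assumptions, not the product's real settings."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: inbound packets per second, per source, over 12 seconds.
# Seconds 0-7 are "normal"; from second 8 on, 203.0.113.7 ramps into a flood.
SAMPLE = {
    "198.51.100.4": [40, 42, 38, 45, 41, 39, 44, 40, 43, 41, 40, 42],
    "203.0.113.7":  [30, 35, 33, 31, 34, 32, 33, 30, 120, 400, 1500, 2600],
}

def baseline_watermark(normal_counts, k=5.0, floor=50):
    """Watermark = mean + k*stdev of the normal period, never below `floor`,
    so a very quiet baseline does not produce a hair-trigger threshold."""
    m, s = mean(normal_counts), pstdev(normal_counts)
    return max(floor, m + k * s)

def classify(count, watermark, hard_factor=4.0):
    """Action for one second of traffic from one source."""
    if count > watermark * hard_factor:
        return "block"      # clearly beyond normal: drop the incoming circuit
    if count > watermark:
        return "throttle"   # softer: rate-limit without tipping off the sender
    return "allow"

def evaluate(series, baseline_seconds=8):
    """Learn a per-source watermark from the baseline period and classify
    every later second. Returns {source: [(second, count, action), ...]}."""
    decisions = defaultdict(list)
    for src, counts in series.items():
        wm = baseline_watermark(counts[:baseline_seconds])
        for t, c in enumerate(counts[baseline_seconds:], start=baseline_seconds):
            decisions[src].append((t, c, classify(c, wm)))
    return dict(decisions)

if __name__ == "__main__":
    for src, rows in evaluate(SAMPLE).items():
        for t, c, action in rows:
            print(f"{src:14s} t={t:2d} pkts={c:5d} -> {action}")
```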

When under DDoS attack you don’t need reports; you need immediate action. If you would like to discuss our solution in more detail feel free to contact us.

A Cure for Electronic Theft ?

What if we created a new electronic currency à la Bitcoin, with a twist? Let’s start by taking an idea from the Federal Government and put a watermark on our personal funds, something unique that signifies who legally possesses the currency. Cattle ranchers do this with a brand so nobody steals their cattle. This has worked pretty well for a few hundred years, right?

With our new personal watermark, suppose somebody breaks into your bank and wires all your money to some idiot in Russia. In today’s world the only way to find that money is to follow the trail, and that takes a huge effort from a banking forensics person working with international governments. The money may travel so fast that it may not be possible to recover. Now, suppose the funds had an electronic tag that could not be altered by a criminal. For example, currency in your possession has a public/private key pair, and only you can authorize a change in possession.

I am not going to spend any more effort on the mechanics of currency ownership; suffice it to say it could be done in many different ways. The problem with my proposed solution is the resistance it will meet from all sides.

  • The privacy crowd will beat the drum and scare ignorant people into thinking that the government will know how much money they have. The flaw with this argument is that, unless you are underground and dealing in cash now, every bank transaction you have ever made is visible to the government. In essence, there is no net change here in terms of privacy. I’d also be fine with an optional cash currency for those that want to opt out; I don’t really care. For tax-paying citizens with nothing to hide there is no new privacy downside to watermarking your funds.
  • The security industry will fight this tooth and nail behind the scenes. As I alluded to in a previous article, the security business has grown to a magnitude of scale well beyond the assets it protects. In other words, the security industry is extorting more funds than the actual threat it is protecting you against.
  • Mexico, a country that does 80 billion plus in the drug trade, has no interest in traceable funds. Someplace, somewhere, they will lobby against this change, under the guise of some legitimate reason.
  • Politicians and their donors. Despite the rhetoric, there is absolutely no incentive to make this process transparent.

IT Security Business Is Your Frenemy

Is there a security company out there working in conjunction with a hacker, possibly creating the demand for their services? The old insurance protection shakedown turned high tech? And, if so, how would you know? I try to make it clear to our customers that we are not in the security business for this very reason, but for most IT equipment and consulting companies security is becoming their main business driver.

If the world’s largest automaker will commit fraud to gain an advantage, there must be a few security companies out there that might rationalize breaking into a company’s network while at the same time offering them security equipment in order to make a sale. Perhaps they are not meeting their sales goals, or facing bankruptcy, or just trying to grow. The fact is, IT investment in security is big business. The train is rolling down the tracks, and just like our war on drugs, increased spending and manpower seem to have no measurable results. Who makes more money, companies that make bank vaults, or the criminals that attempt to rob banks? I bet, if you add up all the revenue gleaned from stolen credit cards or other electronic assets, that it is pennies on the dollar when compared to spending on IT security.

NetEqualizer News: September 2015

September 2015


Enjoy another issue of NetEqualizer News! This month, we spotlight the NetEqualizer Installation Process, walk through the updated Viewing Traffic section of our NetEqualizer Quick Start Guide, discuss our expanded DDoS Firewall, and show off our new NetEqualizer 8.3 User Guide. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

We are almost officially in the fall season in the Northern Hemisphere, and I am enjoying harvesting all my tomatoes, and sadly, very few (and small) pumpkins! Some really good news, though, is that I think my fencing successfully thwarted a raccoon or skunk that was attacking my garden.

Speaking of attacks, this month I have an update on our DDoS Monitor & Firewall modules. We also are ready to harvest updated 8.3 Documentation, which can educate you on our new features. And finally, we are excited to spotlight our Installation Process, which you can take advantage of for any new NetEqualizer or trade-in!

And remember we are now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at I would love to hear from you!

Spotlight on: The NetEqualizer Installation Process

We recently added a process for all new and trade-in NetEqualizer sales that we are very excited about – the NetEqualizer Installation Process!

This process assigns you an Installation Engineer at the time of sale or trade-in. The sole purpose of the installation engineer is to ensure that you get your NetEqualizer set up correctly and that any questions you might have are answered.

We can be as involved or hands-off as you would like us to be.

What we can do for you:

Review a Diagnostic:
Send us a diagnostic of your recently set up NetEqualizer so that our Support Team can analyze it for misconfigurations or other problems.

Review Traffic Limit settings:
Many customers want to use Pools, Hard Limits, and Priority Hosts. We can help by reviewing your traffic limiting strategy and providing best practice recommendations.

Review your install over a WebEx:
We can schedule a time to go over your system using the WebEx screen-sharing utility. During this time we can look at live traffic, review settings, or answer any other questions that might come up.

Connect remotely to your NetEqualizer:
If your NetEqualizer is available remotely, we would be happy to log in and do any required support tasks or settings adjustments.

Answer questions via phone or email:
If you just have a quick question regarding our product, feel free to email our Support Team or your Installation Engineer any time!

How you benefit:

There are many benefits that this service provides to both technical and non-technical customers. For example:

  • You can proactively prevent problems by letting us review your setup for potential issues.
  • You can optimize your NetEqualizer for your network so that your users have a great experience online. Every environment is different and we can help with the most efficient settings.
  • You can learn more about our product, technology, and features. This will allow you to more effectively administer the device.

The NetEqualizer Installation Process is free to anyone who purchases a new NetEqualizer or trades in an old unit for a new one.

What if I just need to learn about the latest NetEqualizer releases?

You need a Tech Refresh! All customers that have valid NetEqualizer Software and Support (NSS) are eligible for additional training and help, via our Technical Refresh. Contact our Support Team to schedule a Tech Refresh today.

To find out more about our new Installation Process, contact us!


8.3 Quick Start Guide – Viewing Traffic

Earlier this month, we enhanced our Quick Start Guide to talk in more detail about how to view traffic going through the NetEqualizer using our reporting tool (Dynamic RTR).

Here is a preview of what we added to the Quick Start Guide. To check out all the changes, see the full version of the guide here (starting on page 12).


View Current Traffic
Use the Active Connections menu and sub-menus to look at what is happening on the NetEqualizer right now.

Seeing traffic successfully pass through your device after the initial set up is a great sign things are working properly!

View Historical Traffic
But, once that is up and running, you’ll want to set up reporting so that you can see what’s been happening on your network historically.

In order to get the most from the NetEqualizer reporting tool, you’ll want to follow these steps:

1) Start RTR
This is required for tracking data historically.

2) Add IPs to Track
In RTR, add the IP addresses you want to save traffic history for under Manage Traffic History -> Manage Tracked IPs. Most of the time, this will be all your local subnets.

3) View History
Use the Traffic History menu and sub-menus to look at what has happened on the NetEqualizer in the past.

If you’d like a Tech Refresh to walk through any of the reporting features, including the enhanced ability to view traffic, and are current on NetEqualizer Software and Support (NSS), contact us today!


DDoS Firewall Expanded – Notes from the Field

As a special bonus in our DDoS Firewall, we found out during implementation that we can also program our firewall scripts to identify an internal virus or hijacked computer.

If you are interested in more visibility in detecting an outside attack or virus-laden computer within your network, feel free to contact us for a quick consulting session, and we’ll see if we can customize a firewall and notification system for you!

The DDoS Firewall is an add-on module to the NetEqualizer. Please contact us to learn about pricing for your environment.


8.3 User Guide Now Available!

We have talked a lot in past newsletters about the 8.3 Release and all the new and exciting features we’ve added.

Starting today, all of those new features are now described in detail in our 8.3 User Guide! This document is a great resource for ensuring RTR is set up correctly and also to provide assistance in answering any questions you might have.

Learn more about these exciting new features:

1) Top Talkers Report – this has been one of the most requested graphs and was a popular feature of our previous reporting tool, ntop. You can use this feature to see which IP addresses have used the most bandwidth over time.


2) General Penalty Report – we are bringing this one back from the first version of RTR! You can see both IPs that are currently being penalized, as well as a historical count of penalties that have occurred over time.


3) Connection Count Report – NetEqualizer controls P2P traffic by using connection count limits on IP addresses. However, figuring out what limit to set for your network depends on how it’s used. You can use the new Connection Count Report to see how many connections individual IP addresses have, and thus set your connection limit to the appropriate level.


You can read more about all of the features of the 8.3 Release here, in our updated User Guide. If you have any questions, contact us!


Best Of The Blog

Death to Deep Packet Inspection?

By Art Reisman – CTO – APconnections

A few weeks ago, I wrote an article on how I was able to watch YouTube while on a United flight, bypassing their layer 7 filtering techniques. Following up today, I was not surprised to see a few other articles on the subject popping up recently…

Photo Of The Month
Bobcat Caught on Wildlife Cam
The bobcat is a cat which first appeared nearly 1.8 million years ago. Containing 12 subspecies, it ranges from southern Canada to central Mexico – including much of the United States. This one was recently captured on a staff member’s wildlife camera.

Death to Deep Packet Inspection?

A few weeks ago, I wrote an article on how I was able to watch YouTube while on a United flight, bypassing their layer 7 filtering techniques. Following up today, I was not surprised to see a few other articles on the subject popping up recently.

Stealth VPNs By-Pass DPI

How to By Pass Deep Packet Inspection

Encryption Death to DPI

I also just recently heard from a partner company that Meraki/Cisco was abandoning their WAN DPI technology in their access points. I am not sure from the details whether this was due to poor performance from DPI, but that is what I suspect.

Lastly, even the US government is annoyed that much of the data it formerly had easy access to is now being encrypted by tech companies to protect their customers’ privacy.

Does this recent storm of chatter on the subject spell the end of commercial deep packet inspection? In my opinion, no, not in the near term. The lure of DPI is so strong that preaching against it is like Galileo telling the church to shove off; it is going to take some time. And technically there are still many instances where DPI works quite well.

Yikes I Have Been Hacked

I had just opened up my network to outside requests, thinking this will only take a few minutes. The idea was to attack my home network from the outside, blasting it with endless loops of rapid queries from external servers in cyberspace, thus simulating a DDoS attack. It turns out I was not alone in attacking my network.

When I went to my DDoS monitor screen to see my attack, I saw the chart below. All those source ports showing 22 are the result of a server on my network randomly attempting to log in to computers outside my network. How ironic: while testing my own DDoS software from an outside attack, I find out that one of my servers has been hijacked to do the dirty work for some other hacker. I am only showing about 46 attempts in the table below, but all in all there were about 450 of them. They appeared all of a sudden out of nowhere. And then Comcast shut me down, when I hit their security circuit breaker. Or so I surmised, because this is not the first time this has happened to me, and I usually get a call from Comcast telling me to run my virus software. You know how you are not supposed to talk to strangers? Well, I had been getting these calls out of the blue from somebody claiming to be “Comcast” security, and the sounds in the background during the scratchy call were like one of those Indian boilerplate call centers… so I had been ignoring them, just humoring these people. But perhaps they really were Comcast? Or perhaps this was just the coup de grâce from the hacker pretending to be Comcast after orchestrating the attack, in order to gain my trust and get my bank account? Like a bad Mission Impossible plot, I don’t know who to trust anymore.
Index     SRCP    DSTP    Wavg    Avg       IP1           IP2           Ptcl  Port  Pool  TOS
0     46762      22   203   336  TCP   1   2    1
1     54211      22    29    90  TCP   1   2    1
2     52734      22    15     0  TCP   1   2    1
3        22   33388    42     0  TCP   2   2    1
4        22   49398   238   277  TCP   2   2    1
5     49184      22    66   152  TCP   1   2    1
6        22   49184   163   374  TCP   2   2    1
7     51722      22   142   214  TCP   1   2    1
8     38133      22    11     0  TCP   1   2    1
9     55232      22    93   400  TCP   1   2    1
10     50373      22    20    40  TCP   1   2    1
11        22   40073    21    35  TCP   2   2    1
12        22   39950    11    40  TCP   2   2    1
13        22   51889     9     0  TCP   2   2    1
14        22   53866   204  1036  TCP   2   2    1
15     57596      22    93   236  TCP   1   2    1
16        22   51971   188   384  TCP   2   2    1
17        22   53617   328   580  TCP   2   2    1
18     52574      22   206   338  TCP   1   2    1
19        22   56081    23    93  TCP   2   2    1
20        22   41126   213   771  TCP   2   2    1
21        22   33853   209   384  TCP   2   2    1
22        22   52185   282  2369  TCP   2   2    1
23        22   54224   224  1032  TCP   2   2    1
24        22   52065   710   806  TCP   2   2    1
25     43568      22    28    88  TCP   1   2    1
26        22   39032   200   558  TCP   2   2    1
27     53968      22   148   265  TCP   1   2    1
28     39950      22    17    60  TCP   1   2    1
29        22   44785   320   464  TCP   2   2    1
30     41889      22    13     0  TCP   1   2    1
31        22   35743   233   368  TCP   2   2    1
32        22   48689   298   373  TCP   2   2    1
33     36165      22   226   293  TCP   1   2    1
34     44991      22    53   146  TCP   1   2    1
35     38500      22   180   345  TCP   1   2    1
36     50944      22     8     0  TCP   1   2    1
37     39511      22   168   319  TCP   1   2    1
38     53820      22    16    30  TCP   1   2    1
39     47030      22   225   261  TCP   1   2    1
40        22   38500   367   735  TCP   2   2    1
41     33165      22   119   248  TCP   1   2    1
42     51185      22    18    60  TCP   1   2    1
43     48472      22    18    60  TCP   1   2    1
44     32890      22    89   174  TCP   1   2    1
45     57725      22    75   180  TCP   1   2    1
46        22   55358  1072  1373  TCP   2   2    1
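Detection logic over the connection-table layout shown above, added here as an example and not NetEqualizer’s own firewall script: it parses rows in the header’s column order, pairs each port-22 flow with its client and server side, and counts distinct SSH peers per local host in both directions, so it flags an internal host opening SSH sessions to many outside machines (the hijacked-server case above) as well as many outside hosts hitting one internal host’s port 22. The rows, the local subnet and the watermark are constructed assumptions; the page’s own rows omit the IP columns, and IP1 = source, IP2 = destination is an assumed interpretation.

```python
"""Added example (not NetEqualizer code): count SSH (port 22) flows per local
host from a connection table in the layout shown above. Sample rows, local
subnet and watermark are constructed; IP1=source, IP2=destination is assumed."""
import ipaddress
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed local subnet

# Constructed sample in the page's column layout. 192.0.2.10 opens SSH sessions
# to many outside hosts; two outside hosts connect to 192.0.2.20 on port 22;
# row 9 is unrelated HTTPS traffic and must be ignored.
SAMPLE = """\
Index SRCP DSTP Wavg Avg IP1 IP2 Ptcl Port Pool TOS
0 46762 22 203 336 192.0.2.10 198.51.100.1 TCP 1 2 1
1 54211 22 29 90 192.0.2.10 198.51.100.2 TCP 1 2 1
2 52734 22 15 0 192.0.2.10 198.51.100.3 TCP 1 2 1
3 22 33388 42 0 198.51.100.1 192.0.2.10 TCP 2 2 1
4 51722 22 142 214 192.0.2.10 203.0.113.9 TCP 1 2 1
5 38133 22 11 0 192.0.2.10 203.0.113.10 TCP 1 2 1
6 40001 22 50 80 203.0.113.50 192.0.2.20 TCP 2 2 1
7 40002 22 48 75 203.0.113.51 192.0.2.20 TCP 2 2 1
8 40003 22 51 82 203.0.113.50 192.0.2.20 TCP 2 2 1
9 41000 443 10 20 192.0.2.30 198.51.100.77 TCP 1 2 1
"""

def parse_table(text):
    """Yield one dict per data row, keyed by the header names."""
    lines = [l for l in text.splitlines() if l.strip()]
    cols = lines[0].split()
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(cols):
            continue            # skip rows whose columns were redacted
        yield dict(zip(cols, fields))

def ssh_peers(rows, local_net=LOCAL_NET):
    """Return (outbound, inbound):
    outbound[local_client] = set of remote servers it connected to on port 22
    inbound[local_server]  = set of remote clients that connected to its port 22
    A return-direction row (SRCP 22) maps to the same client/server pair, so a
    session seen in both directions is counted once."""
    outbound, inbound = defaultdict(set), defaultdict(set)
    for r in rows:
        if r["Ptcl"] != "TCP":
            continue
        if r["DSTP"] == "22":
            client, server = r["IP1"], r["IP2"]
        elif r["SRCP"] == "22":
            client, server = r["IP2"], r["IP1"]
        else:
            continue
        c_local = ipaddress.ip_address(client) in local_net
        s_local = ipaddress.ip_address(server) in local_net
        if c_local and not s_local:
            outbound[client].add(server)
        elif s_local and not c_local:
            inbound[server].add(client)
    return outbound, inbound

def flag(peer_map, watermark):
    """Hosts whose distinct-peer count reaches the watermark: {host: count}."""
    return {h: len(p) for h, p in peer_map.items() if len(p) >= watermark}

if __name__ == "__main__":
    out, inb = ssh_peers(parse_table(SAMPLE))
    print("outbound SSH scanners:", flag(out, 5))   # {'192.0.2.10': 5}
    print("inbound SSH targets:  ", flag(inb, 5))   # {}
```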

NetEqualizer News: August 2015

August 2015


Enjoy another issue of NetEqualizer News! This month, we preview our 8.4 Winter Release plans, highlight several recent testimonials from K-12 schools, talk about a DDoS attack thwarted by NetEqualizer, announce our new social media presence on Twitter, and discuss Demo Site updates. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

It is hard to believe it, but summer is almost over – at least for all the students going back to school or college in late August here in the U.S.! In honor of back-to-school, this month we share some of our latest testimonials from schools – see what they are saying about the NetEqualizer! We also highlight a real-life experience of how we helped one of our school customers catch a DDoS botnet. And, if you want to school yourself in something new, you can view our latest 8.3 reports, now available on our Demo Site.

And although it is still warm, we are starting to plan for winter – read about our Winter Release plans below, and let us know what you think!

We are excited to announce that NetEqualizer is now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at I would love to hear from you!

NetEqualizer is now on Twitter!

We are excited to announce that NetEqualizer has joined Twitter!

If you would like to follow us, our handle is @NetEqualizer.

Just like our popular NetEqualizer News blog, @NetEqualizer will be geared toward topics around network optimization and Internet security.

We will tweet out insights on subjects from the latest in network security, traffic shaping, QoS, and net neutrality, as well as commentary on the state of Internet politics.

If this sounds interesting to you, follow us and share our account with others!

Let’s Go Back to School!
What K-12 schools are saying about NetEqualizer

Did you know NetEqualizer is a K-12 School Top 100 Product? K-12 school IT administrators love NetEqualizer! So much so that many have agreed to provide testimonials for us to post on our website.

Here are some of the recent ones we added:

The Lawrenceville School


“We’ve been a NetEqualizer customer for several years and I want you to know how pleased we are with it. Unlike our previous bandwidth management product which required constant tending and updates, the NetEqualizer works exactly as advertised: plug it in and forget it. Our Internet connections run smoothly regardless of the kind or amount of traffic thrown at it. Thanks again!”

Mark Costello – Network Engineer

Miss Hall’s School


“We have been extremely happy with our NetEqualizer. Gone are the bottlenecks that used to occur when all of our students were on the Internet at the same time. The NetEqualizer handles all of the bandwidth management, keeping our users happy, and has been completely hassle-free for our admins.”

Matt Pocock – Director of Technology

The Athenian School


“NetEqualizer is one of very few products that lives up to its promise. After initial configuration it simply does manage traffic in defined pools/objects. There is no complex application based rules or management required. It is a fantastic product that makes the life of a school network manager easier.”

Matt Binder – Director of Information Systems

Contact us if you would like your quote added to our testimonials page – even if you are not in the education space! We love hearing from all our customers about how we’ve helped them control congestion on their networks.


NetEqualizer Demo Site Has 8.3 Reporting
Updated with 8.3 Reporting

The NetEqualizer Demo Site now has the latest release (8.3) applied! This means that all of the exciting new features we’ve been discussing in our newsletter over the last few months are available to see for both new and existing customers.

If you’d like to check out the new 8.3 features for yourself, you can do so here.

We’ve also updated our Product Demo Guide to reflect some of the changes we’ve made to the site.

If you have any questions about the latest release or would like to schedule a Technical Refresh to go over the new features, please feel free to contact us!


DDoS Gets Real

Think DDoS attacks only happen to other organizations? Sadly, no one is immune. The NetEqualizer is often placed in a unique position in a network such that it can provide real-time intelligence as to whether or not a DDoS attack is occurring. See recent articles regarding DDoS in our blog.

We’ve already heard stories from customers about how they’ve used the NetEqualizer to thwart DDoS attacks but we’ve never actually witnessed one in person – until last week. During a Tech Refresh call with one of our K-12 customers, the training engineer noticed abnormal traffic initiated from the outside to one of the school’s database servers. The IP looked suspicious and when geolocated, turned out to be from Hong Kong. The engineer then looked up the IP address in the active connections table and discovered it was hammering port 22 (SSH). This could have been a multitude of things including the beginning of a DDoS attack or a brute force attempt at connecting to the server. The school administrator immediately took action and blocked the IP.


While the NetEqualizer is excellent at controlling bandwidth congestion, don’t forget that its data can also be helpful in diagnosing other network-related issues, including DDoS!

See our recent blog article about discovering this attack, here.


8.4 Winter Release Plans

We are excited to announce that our Winter Release (8.4) is underway! 8.4 is targeted for the November through January 2016 timeframe.

This release will focus on several key areas in the NetEqualizer GUI: Pool Enhancements, DDoS Alerts, and Built-in Configuration & Scripts, which we will discuss below.

Pool Enhancements
Many of you are familiar with our concept of shared limits, which we call “Pools.” Pools are a great way to allocate bandwidth (not reserved) to a group of IPs or subnets. Pools are used by many NetEqualizer customers who need to provide bandwidth to groups of users on their networks.

We find that Pools align with various concepts for different customer types:

1) Access Points (Internet Providers)
2) Buildings (Colleges or Schools)
3) Groups (Libraries – patrons/staff, Schools – staff/students/wireless guests)

As Pools have grown in popularity over the years, we now are focusing on making them easy to use. To do this we are going to add the ability to name your pools (so that you can better keep track of them), view subnets within your pools (so that you can better see which pool a user belongs to), and the ability to edit pools on the fly (so that you no longer have to remove and re-add them when you need to make a change).

DDoS Alerts
Adding to our existing email alert capability, we are now going to build in alerts for suspected DDoS traffic picked up by our DDoS Monitor. While checking the DDoS Monitor periodically will still be important, the alerts will give you peace of mind that your network is always being monitored for abnormal traffic.


For an example of why this is important, see the article titled “DDoS Gets Real” in this month’s newsletter.

Built-in Configuration & Scripts
Another feature of 8.4 will be the incorporation of some of our most popular custom configuration scripts that historically have only been available via our online help or our support team.

We will now have interfaces for setting up HTTPS on your NetEqualizer as well as the ability to have time-of-day configurations (configurations that change based on different needs throughout the day).

The goal with these features is to reduce work for customers, streamline workflow, and enhance our user interface with some of our most popular scripts that are not yet represented via the GUI.

If you have an idea for a GUI enhancement aligned with Pools, DDoS or Built-in Configuration & Scripts that you would like to be considered for 8.4, please let us know!


These features are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!

Best Of The Blog

How Does Your ISP Actually Enforce Your Internet Speed?

By Art Reisman – CTO – APconnections

Every once in a while I’ll post something on Reddit just to see the response. A couple of weeks ago I posted a link to this article and it generated about 3,000 hits over the course of a day.

This was even after I got a nasty note from the moderator saying I posted it in the wrong place. It was kind of ironic that 3,000 people were interested, maybe they click on anything that blinks?

I don’t know. Many of these articles you see on our blog are the result of technical conversations with customers. I’ll spend a good deal of mental energy explaining a concept and when appropriate I’ll take my notes and turn into an information article. Hence this blog post was born, I never imagined it would have such broad appeal.

Have you ever wondered how your ISP manages to control the speed of your connection? If so, you might find the following article enlightening. Below, we’ll discuss the various trade-offs used to control and break out bandwidth rate limits and the associated side effects of using those techniques.

Dropping Packets (Cisco term “traffic policing”)

One of the simplest methods for a bandwidth controller to enforce a rate cap is by dropping packets. When using the packet-dropping method, the bandwidth controlling device will count the total number of bytes that cross a link during a second. If the target rate is exceeded during any single second, the bandwidth controller will drop packets for the remainder of that second. For example, if the bandwidth limit is 1 megabit, and the bandwidth controller counts 1 million bits gone by in 1/2 a second, it will then drop packets for the remainder of the second. The counter will then reset for the next second. From most evidence we have observed, rate caps enforced by many ISPs use the drop packet method, as it is the least expensive method supported on most basic routers…
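The per-second byte-counting policer just described, simulated in code. This is an added example, not code from the article or from any router vendor; the packet trace is constructed, and it shows the side effect the drop-packet method has: the packet that crosses the cap has already gone by, so a second can slightly overshoot the limit before everything else is dropped.

```python
"""Added example (not from the article): simulate the drop-packet rate cap.
Count bytes per wall-clock second; once the cap is reached, drop every further
packet until the second rolls over, then reset. The trace is constructed."""

def police(packets, limit_bps):
    """packets: iterable of (timestamp_seconds, size_bytes), in time order.
    Returns a list of (timestamp, size, "pass" | "drop")."""
    limit_bytes = limit_bps // 8
    current_sec, used, tripped = None, 0, False
    out = []
    for ts, size in packets:
        sec = int(ts)
        if sec != current_sec:            # new second: counter resets
            current_sec, used, tripped = sec, 0, False
        if tripped:
            out.append((ts, size, "drop"))
            continue
        used += size                      # the packet has already gone by
        out.append((ts, size, "pass"))
        if used >= limit_bytes:           # cap reached: drop the rest of the second
            tripped = True
    return out

def throughput_per_second(decisions):
    """Bytes that actually passed in each second, to compare against the cap."""
    totals = {}
    for ts, size, verdict in decisions:
        if verdict == "pass":
            totals[int(ts)] = totals.get(int(ts), 0) + size
    return totals

# Constructed trace against a 1 Mbit/s cap (125,000 bytes per second):
# second 0 sends 130 packets of 1500 bytes within the first half second
# (195,000 bytes), second 1 sends only 40 packets (60,000 bytes).
TRACE = [(i * 0.0038, 1500) for i in range(130)] + \
        [(1.0 + i * 0.02, 1500) for i in range(40)]

if __name__ == "__main__":
    decisions = police(TRACE, 1_000_000)
    dropped = sum(1 for _, _, v in decisions if v == "drop")
    print("dropped packets:", dropped)                       # 46
    print("bytes passed per second:", throughput_per_second(decisions))
```

The 84th packet of second 0 pushes the counter to 126,000 bytes, past the 125,000-byte cap; it still passes, and the remaining 46 packets of that second are dropped.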

Photo Of The Month
North Arapaho Peak

North Arapaho Peak is the king of the Indian Peaks Wilderness Area in the Rocky Mountains just west of our home near Boulder, CO. Not only is it the tallest in the area (13,508 ft), it is also the most difficult non-technical climb.

The route involves an easy hike up to the summit of South Arapaho Peak – and the cruxes of the climb are five unique points along the ridge that connects the two mountains. The 0.75 mile ridge takes nearly an hour to complete in one direction and has significant exposure to falling below. This picture is from the ridge, looking down on Arapaho Glacier – a protected area that serves as the watershed for the City of Boulder.

